diff options
author | Dan Williams <dcbw@redhat.com> | 2014-01-21 13:41:18 -0600 |
---|---|---|
committer | Dan Williams <dcbw@redhat.com> | 2014-03-25 12:29:19 -0500 |
commit | f15daac0921ef2b489115c320cea914e78c34c0a (patch) | |
tree | 7f9d75d2a12977b8d78a77bd81b01836920a9d4f | |
parent | da59b6d2229b85afbb9e14846931376340dc6030 (diff) | |
download | NetworkManager-f15daac0921ef2b489115c320cea914e78c34c0a.tar.gz |
core: respect connection permissions for internal activation requests
Similar to "core: respect connection user permissions for activation/deactivation",
if a master connection is being activated because a slave connection requested
it, ensure that the user requesting the master connection is allowed to
activate it.
Backport-of: efd0e2a589866de0b9fc71253325fcde33a847ac
-rw-r--r-- | src/nm-manager.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/nm-manager.c b/src/nm-manager.c index c91fb30692..9dc475bd18 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -2891,6 +2891,7 @@ nm_manager_activate_connection (NMManager *manager, NMConnection *master_connection = NULL; NMActiveConnection *master_ac = NULL; gboolean matched; + char *error_desc = NULL; g_return_val_if_fail (manager != NULL, NULL); g_return_val_if_fail (connection != NULL, NULL); @@ -2912,6 +2913,19 @@ nm_manager_activate_connection (NMManager *manager, dbus_error_free (&dbus_error); return NULL; } + + /* Ensure the subject has permissions for this connection */ + if (!nm_auth_uid_in_acl (connection, + priv->session_monitor, + sender_uid, + &error_desc)) { + g_set_error_literal (error, + NM_MANAGER_ERROR, + NM_MANAGER_ERROR_PERMISSION_DENIED, + error_desc); + g_free (error_desc); + return NULL; + } } /* VPN ? */ |